Domain Names Using Email Forwarding through eNom: SPF, DKIM, DMARC Requirements

Last updated [Aug 4, 2025]

Why DMARC Is Now Required for Email Forwarding and What You Need to Know

Introduction

Due to new requirements from major email providers (like Google, Microsoft, and others), domains using email forwarding must have proper authentication records—SPF, DKIM, and DMARC—in place. Without these, forwarded emails may be lost or blocked without notification, and troubleshooting delivery issues may be time-consuming or billable.

What’s Happening?

  • Industry standards evolved: In 2024, large providers began strictly enforcing DMARC compliance, with Microsoft joining in May 2025.
  • No DMARC = lost email: Domains missing required records, especially DMARC, may find emails rejected, missing, or silently failing—even if forwarding used to “just work.” (SPF and DKIM required before adding DMARC)
  • Manual setup required: DNS-based email forwarding is “legacy” tech and now requires more careful manual configuration to work reliably.
  • Support is limited and billable: Tracking issues is difficult and time-intensive without a full mailbox, making support requests billable in many cases.
  • This affects anyone using domain-level email forwarding, especially if only MX and SPF records are set.
  • Legacy Technology: DNS-level email forwarding is now considered outdated. It lacks the reliability, tracking, and deliverability of modern email solutions that use dedicated mailboxes.
  • Evolving Standards: Email authentication requirements from major providers are becoming stricter, making legacy forwarding methods increasingly challenging to support.

What is Needed?

  • Add DKIM: For each domain, DKIM setup at Enom requires submitting a manual request by KartHost on your behalf, which is essential for authentication. Enom does not have a DKIM generator for the legacy domain name email forwarding.
  • Set Up DMARC: Define your DMARC policy, reporting address, and frequency, and you must provide this if KartHost is asked to add it.
  • Monitor Reports: Review DMARC reports to ensure your emails are being delivered as intended.
  • Keep SPF Updated: Update your SPF record if your email sending or forwarding setup changes.

What You Need to Do?

Follow these steps, exactly as shown, to maximize deliverability for your forwarded email and meet modern standards.
This is essential if you use Enom Domain forwarding and manage your DNS through KartHost Customer Center.

[Step 1] Add/Update Your SPF Record

SPF authorizes servers to send email for your domain.

  • Record type: TXT
  • Host/Name: @
  • Value:
  • text
    v=spf1 include:_spf.emfwd.name-services.com mx ~all
  • Note: Only one SPF TXT record should exist for your domain. If another already exists, edit it to include the above. Only IF you are NOT using your domain for email hosted with another company.

[Step 2]  Add Your DKIM Records (Two CNAMEs Required)

DKIM cryptographically signs email, proving it wasn't altered in transit.
Do NOT use any DKIM generator! Use these values, and

Replace example.com with your actual domain name:

Host/Name Type Value
k1._domainkey CNAME k1.example.com.dkim.hostedemail.link
k2._domainkey CNAME k2.example.com.dkim.hostedemail.link

 

[Step 3]  Add a DMARC Record

Before you begin, you will need to understand DMARC. To Learn more, visit our Knowledgebase article. 

DMARC Understanding and Why it is needed.

DMARC controls what happens if SPF or DKIM checks fail and allows reporting.

  • Record Type: TXT
  • Host/Name: _dmarc
  • Value:
    (Start with monitor only, then increase strictness)
text
v=DMARC1; p=none; rua=mailto:[email protected]
  • You may change p=none to p=quarantine (move failures to spam) or p=reject (block failures) once you're confident everything authenticates.
  • Replace [email protected] with a valid address to receive reports.

Best Practices & Limitations

  • All three records—SPF, DKIM (both CNAMEs), and DMARC—must be present for reliable forwarding.
  • There must be only one SPF and DMARC TXT record per domain.
  • Do not use custom DKIM records or TXT DKIM for Enom-based forwarding.
  • Email forwarding alone is a legacy/unsupported setup. For best results, consider a dedicated mailbox or modern alias solution.
  • DNS changes take up to 24–48 hours to propagate.
  • Troubleshooting is limited and may incur a Domain Name Concierge Service Fee due to high manual effort required.
 

Frequently Asked Questions

Why isn’t forwarding as reliable as before?
Industry changes now require full authentication. Without this, providers silently block or drop forwarded mail.

Is support included?
Manual setup and ongoing troubleshooting may incur additional service fees, because legacy forwarding requires extra work due to new standards.

Summary Table – What to Add to DNS

Type

Host/Name

Value

Notes

TXT

@

v=spf1 include:_spf.emfwd.name-services.com mx ~all

SPF (root; only one per domain)

CNAME

k1._domainkey

k1.example.com.dkim.hostedemail.link

DKIM (replace with your domain)

CNAME

k2._domainkey

k2.example.com.dkim.hostedemail.link

DKIM (replace with your domain)

TXT

_dmarc

v=DMARC1; p=none; rua=mailto:[email protected]

DMARC (edit policy/email as needed)

Is Domain Name Email Forwarding Still Recommended?

  • Email forwarding without dedicated mailboxes is an older, less reliable method that is becoming increasingly difficult to support due to new industry restrictions.
  • Most modern providers and businesses have moved to direct mailboxes or alias-based solutions for better reliability and tracking.
  • Troubleshooting of issues is a billable service. 

What About Gmail or Outlook/Hotmail?

  • Gmail and Outlook do not offer domain-level email forwarding as a built-in feature for custom domains. They require proper authentication for all incoming mail, including forwarded messages.
  • If you rely on forwarding, you must comply with these authentication requirements.
  • KartHost, however, offers domain name aliases within KloudEmail Basic or Suite. Requirement to activate one mailbox for the emails to forward from to provide tracking logs to help with future support. (You will also be able to send from that mailbox with the email address using your domain name)

Service Fee Notice

Domains with email forwarding only may be asked to pay the Domain Name Concierge Service Fee, as this is a manual setup.
This fee helps cover the cost of manual setup and ongoing support as industry standards evolve.

If your business depends on email reliability, consider upgrading to a mailbox-based or alias solution for superior deliverability and support.

Further Reading to Understand DMARC

For a detailed explanation, see our Knowledgebase article:
DMARC Understanding and Why it is Needed.

Je li Vam ovaj odgovor pomogao? 0 Korisnici koji smatraju članak korisnim (0 Glasovi)

Najpopularnije

EPP Code what is it and where do I find it?

The EPP key Authorization code, known as a EPP code (aka Transfer Authorization Code) is a...
Understanding of Domain Name Transfer Statuses

Awaiting auto-verification of transfer request: An auto-verification transfer order has been...
Redemption Grace Period

Once a domain name expires will be placed into Renewal Grace period and you can pay the invoice...
Do I have Anti-Spam and Anti-Virus Protect for my email accounts with my Hosting Packages?

We provide you with both Anti-Spam & Anti-Virus Protection on all KARTHOST email accounts....
Can I manage my Domain Forwarding in the KARTHOST Customer Center?

Is your Domain Name Registered with KartHost? If Yes,we provide for FREE DNS service and Domain...